At Made by Google 2025, the unveiling of the new Google Pixel 10 phones marked a significant milestone in the realm of digital media transparency. The integration of C2PA Content Credentials within the Pixel Camera and Google Photos signifies a commitment to enhancing the trustworthiness of digital content.
- The Pixel 10 series stands out as the first to incorporate Content Credentials directly into every photograph taken with the Pixel Camera.
- Achieving Assurance Level 2, the highest security rating defined by the C2PA Conformance Program, the Pixel Camera app sets a new standard for mobile applications, exclusively available on the Android platform.
- Employing a private-by-design strategy for C2PA certificate management ensures that no image or collection of images can be traced back to the creator.
- On-device trusted time-stamps enable users to trust images captured with the native camera app, even after the certificate has expired, regardless of whether the device was online at the time of capture.
These advancements are powered by the Google Tensor G5 and the Titan M2 security chip, showcasing the sophisticated hardware-backed security features inherent to the Android platform, complemented by the expertise of Pixel engineering.
A New Approach to Content Credentials
In an era where generative AI is reshaping creativity, distinguishing between AI-generated content and traditional creations has become increasingly challenging. The need to verify the source and history of digital content has never been more critical.
Content Credentials provide a comprehensive set of information regarding the creation and protection of media files, including images, videos, and audio. This technology employs the same digital signature mechanisms that have safeguarded online transactions and mobile applications for years, empowering users to identify AI-generated or altered content. This initiative fosters transparency and trust in generative AI, and can be further enhanced through watermarking technologies like SynthID.
As an industry standard, Content Credentials are supported by a coalition of leading companies dedicated to securely conveying the origin and history of media files. Developed by the Coalition for Content Provenance and Authenticity (C2PA), Google plays a pivotal role as a steering committee member.
Traditionally, digital content has been classified simply as “AI” or “not AI,” a binary approach that has influenced legislative efforts requiring synthetic media labeling. However, this method has its limitations, as highlighted in Google’s seminal report. Research indicates that labeling only synthetic content as “AI” can lead users to mistakenly believe that unlabeled content is devoid of AI influence—a phenomenon known as “the implied truth effect.” To address this, Google is pioneering a new classification system through C2PA Content Credentials.
Rather than adhering to a simplistic dichotomy, the Pixel 10 initiates a paradigm shift by categorizing digital content based on verifiable proof of its creation process or the absence thereof.
- Pixel Camera attaches Content Credentials to every JPEG photo captured, providing detailed descriptions as outlined by the Content Credentials specification for each mode of capture.
- Google Photos extends Content Credentials to JPEG images that are edited using either AI or non-AI tools, validating and displaying these credentials in a new section of the About panel when applicable. More information can be found in Google Photos Help.
With a diverse array of scenarios for attaching Content Credentials, our C2PA implementation architecture was meticulously designed to be:
- Secure from silicon to applications
- Verifiable, not personally identifiable
- Usable offline
Secure from Silicon to Applications
Stakeholders in the C2PA ecosystem are driven to ensure that provenance data remains trustworthy. C2PA Certification Authorities (CAs), including Google, are motivated to issue certificates solely to genuine applications from trusted developers, thereby safeguarding the integrity of the system. Similarly, app developers are keen to protect their C2PA claim signing keys from unauthorized access, while users seek assurance that the media they rely on is authentic.
The Pixel Camera application on the Pixel 10 lineup has successfully achieved Assurance Level 2, the pinnacle of security ratings defined by the C2PA Conformance Program. This accomplishment is attributed to a robust suite of hardware-backed technologies, including the Tensor G5 and the certified Titan M2 security chip, alongside Android’s hardware-backed security APIs. Only mobile applications operating on devices equipped with these essential silicon features and Android APIs can attain this assurance level. Google is actively collaborating with C2PA to establish future assurance levels that will further enhance hardware protections.
Achieving Assurance Level 2 necessitates verifiable, difficult-to-forge evidence. Google has developed an end-to-end system on Pixel 10 devices that verifies several key attributes. However, the integrity of any claim fundamentally relies on the application and operating system’s integrity, which must be consistently updated with the latest security patches.
- Hardware Trust: Android Key Attestation on Pixel 10 utilizes Device Identifier Composition Engine (DICE) support from Tensor and Remote Key Provisioning (RKP) to establish a trust chain from device startup to the OS, effectively mitigating common forms of abuse on Android.
- Genuine Device and Software: Leveraging the aforementioned hardware trust, Android Key Attestation enables Google C2PA Certification Authorities to verify communication with a genuine physical device, ensuring it has booted securely into a Play Protect Certified version of Android, while also confirming the recency of security patches across the operating system, bootloader, and system software.
- Genuine Application: Hardware-backed Android Key Attestation certificates include the package name and signing certificates associated with the app requesting the generation of the C2PA signing key, allowing Google C2PA CAs to verify that the app is a trusted, registered entity.
- Tamper-Resistant Key Storage: On Pixel devices, C2PA claim signing keys are generated and securely stored using Android StrongBox within the Titan M2 security chip. The Titan M2 is Common Criteria PP.0084 AVA_VAN.5 certified, ensuring strong resistance against key extraction or tampering. Android Key Attestation allows Google C2PA CAs to confirm that private keys were created within this hardware-protected environment before issuing certificates for their public key counterparts.
The C2PA Conformance Program mandates verifiable artifacts backed by a hardware Root of Trust, which Android facilitates through features like Key Attestation. This enables Android developers to utilize these tools to create applications that meet this standard for their users.
Privacy Built on a Foundation of Trust: Verifiable, Not Personally Identifiable
The security framework outlined above serves as the bedrock of privacy. Google takes additional measures to safeguard user privacy during the use of Content Credentials, addressing two significant challenges:
Challenge 1: Server-side Processing of Certificate Requests. Google’s C2PA Certification Authorities must authenticate new cryptographic keys generated on-device. To prevent fraud, these certificate enrollment requests require authentication. A conventional approach would necessitate user accounts for authentication, creating a server-side record linking a user’s identity to their C2PA certificates—a privacy compromise we are unwilling to accept.
Our Solution: Anonymous, Hardware-Backed Attestation. We address this challenge through Android Key Attestation, which enables Google CAs to verify the authenticity of the app on a secure device without ever knowing the user’s identity. Our CAs also adhere to a strict no-logging policy for information such as IP addresses that could potentially connect a certificate back to a user.
Challenge 2: The Risk of Traceability Through Key Reuse. A significant privacy concern in any provenance system is the potential for traceability. If the same device or app-specific cryptographic key is employed to sign multiple photos, those images can be linked by comparing the key. An adversary could potentially connect a photo posted publicly under a real name with one shared anonymously, compromising the creator’s anonymity.
Our Solution: Unique Certificates. We mitigate this risk with a maximally private approach. Each key and certificate is utilized to sign precisely one image, ensuring that no two images share the same public key. This “One-and-Done” Certificate Management Strategy renders it cryptographically impossible to link them. This engineering investment in user privacy aims to establish a clear standard for the industry.
Users can confidently utilize Content Credentials on Pixel 10 without concern that another individual or Google could trace any of their images back to them or to one another.
Ready to Use When You Are – Even Offline
The implementation of Content Credentials incorporates trusted time-stamps to guarantee that credentials remain valid even after the certificate used to produce them expires. Typically, obtaining these trusted time-stamps necessitates connectivity to a Time-Stamping Authority (TSA) server. However, what occurs when the device is offline?
This scenario is not merely hypothetical. Consider capturing a breathtaking photo of a remote waterfall. The image possesses Content Credentials verifying its capture by a camera, yet the cryptographic certificate used to produce them will eventually expire. Without a time-stamp, that proof could lose its validity, especially if you are far from a cell signal.
To address this, Pixel has developed an on-device, offline TSA.
Harnessing the security features of Tensor, Pixel maintains a trusted clock in a secure environment, completely isolated from the user-controlled environment in Android. This clock is regularly synchronized with a trusted source while the device is online and continues to function even when offline (as long as the device remains powered on). Consequently, your device can generate its own cryptographically-signed time-stamps the moment you press the shutter—no connection required. This ensures that the narrative behind your photo remains verifiable and trustworthy after its certificate expires, whether taken in your living room or at the summit of a mountain.
Building a More Trustworthy Ecosystem, Together
C2PA Content Credentials are not the singular solution for identifying the provenance of digital media. However, they represent a tangible step toward enhanced media transparency and trust as we continue to harness the creative potential of AI.
In our initial rollout of Content Credentials on the Android platform and Pixel 10 lineup, we have prioritized a higher standard of privacy, security, and usability. We encourage other implementers of Content Credentials to assess our approach and leverage these foundational hardware and software security primitives. The full potential of these technologies can only be realized through widespread ecosystem adoption.
We eagerly anticipate the expansion of Content Credentials across more Google products in the near future.
